How to access ACR images from calico.yaml

12/6/2021

I have a k3s cluster with calico pods calico-node-xxx & calico-kube-controllers-xxx running in kube-system namespace. I am using calico.yaml config in my project.

Now, I want these images in calico.yaml to be pulled from my ACR repo instead of docker.io repo. So I tagged & pushed these images in my ACR repo and changed the images path in calico manifest yaml file (for e.g. myacrrepo.io/calico/node:v3.17.1 ), so that pods can pull image from ACR repo.

But where should I mention credentials of ACR repo in calico manifest file, as without credential (username/password/hostname) the pod is failing with error x509: certificate signed by unknown authority.

Can someone let me know that where in calico.yaml, ACR repo credential shall I add (and what is the syntax for providing credential in calico.yaml because for dockr.io images no credentials are mentioned in calico.yaml which I can replace with my ACR repo credentials) ?

-- Thor
calico
k3s
kubernetes
project-calico

1 Answer

12/6/2021

If you want to use a private container registry then you have to create an imagePullSecret. Microsoft explained here on how to do that for ACR.

Once you have created the imagePullSecret add it to the pod spec as outlined the section 'Use the image pull secret' of the documenation.

This imagePullSecret is not necessary for docker.io, since docker.io is a public registry and imagePullSecrets are only needed for private registries.

-- avinashpancham
Source: StackOverflow